CVE-2014-3676

shim 0.3-0.8 - Remote Code Execution via Crafted IPv6 Address in TFTP DHCPv6 Boot Option

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96988
Exploit, Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/10/13/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70409
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1801.html

Scores

EPSS 0.0523
EPSS Percentile 91.6%

Details

CWE
CWE-787
Status published
Products (1)
redhat/shim 0.3 - 0.8
Published Oct 22, 2014
Tracked Since Feb 18, 2026